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DETAILED ACTION 



Response to Arguments 

1 . In response to the argument that the Examiner has improperly failed to consider 
the compliant citations in the IDS filed August 6, 2003, the Examiner has reviewed the 
cited section of the MPEP and agrees with Applicant's position. Accordingly, the 
Examiner will provide an appropriately initialed copy of the PTO-1449 form indicating 
consideration of the properly cited prior art. The Examiner notes, however, that the 
citation for the reference Simplifying Network Administration using Policy based 
Management remains non-compliant. Specifically, the citation lacks page numbers and, 
more importantly, a date of publication. Additionally, the citation for "Autonomic 
Computing: IBM's Perspective on the State of Information Technology" also lacks a date 
of publication. See MPEP §609. 

2. In response to the argument with respect to the objection to the specification, the 
argument is persuasive and the objection is withdrawn. 

3. In response to the argument with respect to the rejection of claims 9 and 10 
under 35 USC §101 , the Examiner respectfully submits that Applicant has 
misunderstood the basis for the rejection. Claim 9 recites three elements: an 
"administration policy," a "policy evaluation component," and an "exit routine." The terms 
"policy" and "routine" cannot reasonably be interpreted to require physical structure. In 
interpreting the term "component," the Examiner turned to Applicant's specification for 
guidance. Paragraph [0017] states that the definition of "components" includes 
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"software resources." Therefore, the "policy evaluation component." too, may be 
reasonably interpreted as not requiring physical structure. Finally, the presence of the 
term "system" in the preamble does not, without more, preclude the claim from being 
directed entirely towards software. However, on page 5 of Applicant's response, 
Applicant submitted that "the system must include and/or be coupled to physical 
components (i.e., hardware) to be functional." In light of these remarks now of record, 
claims 9 and 10 will be construed to require hardware components. Accordingly, the 
rejections under 35 USC §101 are withdrawn. 

4. In response to the argument with respect to the rejection of claims 6 and 16 
under the second paragraph of 35 USC §1 12, the argument is persuasive and the 
rejections are withdrawn. The Examiner notes, however, that the term "autonomic" will 
be given its broadest reasonable interpretation. 

5. Applicant's arguments with respect to the prior art rejections of claims 1-18 have 
been fully considered but they are not persuasive. Although relevant citations are 
provided as a guide, the rejections are based on the references as a whole. However, 
the Examiner will address the specific issues raised by Applicant. 

6. In response to the argument that Lortz fails to show " a request to perform an 
administrative task," Applicant is directed to paragraph [0045], which discusses a 
"resource request." 

7. In response to the argument that Lortz fails to disclose that the "policy" comprises 
a set of rules for governing the editing, Applicant is directed to paragraph [0021], which 
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describes that the policy governs whether or not editing is permitted for a particular 
resource and user. 

8. In response to the argument that Lortz fails to teach retrieval of the administration 
policy " responsive to a request," Applicant is directed to paragraph [0044], which 
describes that the evaluation procedure, including the retrieval of policy data, occurs 
"[o]nce the resource device 14 receives the resource request." 

9. In response to the arguments that Lortz fails to teach "a set of rules for governing 
said administrative task" and "permitting the administrative task of editing," the 
Examiner respectfully disagrees. Access to resources in Lortz are based on the level of 
permission of the requestor. For example, if a client requests to edit a resource but has 
only "reviewer" level permission, that request is denied. If a client requests to edit a 
resource and has "editor" level permission, that request is permitted. See also 
paragraph [0021]. 

Information Disclosure Statement 

1 . The information disclosure statement filed August 6, 2003 fails to comply with the 
provisions of 37 CFR 1 .97, 1 .98 and MPEP § 609 because the citation for the reference 
Simplifying Network Administration using Policy based Management lacks a date of 
publication and a listing of relevant pages. Additionally, the citation for "Autonomic 
Computing: IBM's Perspective on the State of Information Technology" also lacks a date 
of publication. The IDS has been placed in the application file, but the aforementioned 
references have not been considered as to the merits. Applicant is advised that the 
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date of any re-submission of any item of information contained in this information 
disclosure statement or the submission of any missing element(s) will be the date of 
submission for purposes of determining compliance with the requirements based on the 
time of filing the statement, including all certification requirements for statements under 
37 CFR 1.97(e). See MPEP § 609.05(a). 

Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not Identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-2, 9, and 1 1-12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lortz (US PGPUB 2003/0018786) in view of Hopmann et al. (US Pat. 
No. 6,499,031, hereinafter "Hopmann"). 

3. As to claims 1 and 1 1 , Lortz shows a systems administration policy enforcement 
method, and a machine readable storage having stored thereon a program for causing 
a machine to perform such a method (inherent to any computer-implemented system), 
comprising: 

a. responsive to a request (comprising a "resource request": see Fig. 4C and 
[0043]) to perform an administrative task (the task comprising "editing": see 
[0021]) directed to a resource (resource device 14) within a computing network 
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(network 16). retrieving an administration policy comprising a set of rules for 
governing said administrative task (the policy comprising policy data and the 
rules comprising access control entries: see [0019] and [0044]-[0045]); and 
b. permitting said administrative task only if a set of rules in said retrieved 
policy are satisfied (see step 310 in Fig. 4C and [0045]). 

4. Lortz does not show retrieving state data for a resource and applying a policy to 
retrieved state data. 

5. Hopmann shows retrieving state data (comprising whether or not a resource is 
locked) for a resource and applying a policy to retrieved state data (the policy being that 
a resource is only available if it does not have a lock token: see lines 7-9 of col. 1 and 
col. 8, line 65 to col. 9, line 2). 

6. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the invention of Lortz with the evaluation of state data as taught by 
Hopmann in order to prevent administrative task requests from ovenA/riting one another 
(see Hopmann, col. 2, lines 14-18). 

7. As to claims 2 and 12, Lortz in view of Hopmann shows the limitations of claims 1 
and 1 1 as applied above, and Lortz further shows providing a user interface for 
establishing said set of rules for said administration policy (see lines 7-10 of [0031]); 
and storing said administration policy for subsequent retrieval in said retrieving step 
(see lines 1-5 of [0035]). 
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8. As to claim 9, Lortz shows a system administration policy enforcement system 
comprising: 

c. an administration policy comprising a set of rules for permitting and 
disallowing administration of resources in a system hosting a plurality of 
interdependent resources (the policy comprising policy data and the rules 
comprising access control entries: see [0019] and [0044]-[0045]); 

d. a policy evaluation component configured to determine whether rules in 
said administration policy are satisfied (comprising the component which 
determines whether or not to grant a client access, as described in [0045]); and 

e. an exit routine coupled to a resource in said network, said exit routine 
having logic for fonA^arding requests to administer said resource to said policy 
evaluation component (the exit routine comprising the component which receives 
the resource request and initiates the evaluation process: see [0044]). 

9. Lortz does not show the policy evaluation component configured to retrieve 
resource state data and determine whether said retrieved resource data satisfies rules 
in said administration policy. 

1 0. Hopmann shows retrieving resource state data (comprising whether or not a 
resource is locked ) and determining whether said retrieved resource state data satisfies 
rules in an administration policy (the policy being that a resource is only available if it 
does not have a lock token: see lines 7-9 of col. 1 and col. 8, line 65 to col. 9, line 2). 

11. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the invention of Lortz with the evaluation of state data as taught by 
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Hopmann in order to prevent administrative tasl< requests from overwriting one another 
(see Hopmann, col. 2, lines 14-18). 

12. Claims 3 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Lortz (US PGPUB 2003/0018786) in view of Hopmann (US Pat. No. 6.499.031), and 
further in view of Bell et al. (US Pat. No. 6,880,005, hereinafter "Bell"). 

13. Lortz in view of Hopmann shows the limitations of claim 1 as applied above, and 
additionally shows permitting an administrative task only if information satisfies a set of 
rules in a retrieved policy (see Lortz, [0045]). Lortz in view of Hopmann does not show 
retrieving environmental information, or pemnitting the administrative task where the 
information is environmental infomnation. 

14. Bell shows retrieving environmental information for a computing network (the 
information comprising the current weekday, and the retrieving being inherent to 
evaluating a policy which dictates that information can only be accessed during 
specified days of the week: see col. 3, lines 27-30 and col. 2. lines 16-20). Bell further 
shows permitting an administrative task only if the environmental data satisfies a set of 
rules in a policy (see col. 3, lines 27-30). It would have been obvious to one of ordinary 
skill in the art at the time of the invention to further modify the invention of Lortz in view 
of Hopmann with the environmental data and policy evaluation of Bell in order to ensure 
that administrative tasks are allowed to occur only during specified times. 
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15. Claims 4-7 and 14-17 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Lortz (US PGPUB 2003/0018786) in view of Hopmann (US Pat No. 6,499.031). 
and further in view of Burns et al. (US PGPUB 2003/0014644. hereinafter "Burns"). 

16. As to claims 4 and 14, Lortz in view of Hopmann show the limitations of claims 1 
and 1 1 as applied above, and show retrieving state data for said resource as applied 
above, but do not show retrieving state data for other related resources in said 
computing network. 

17. Burns shows retrieving state data for other related resources in a computing 
network (see [0038]). It would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify the invention of Lortz in view of Hopmann with the state 
retrieval of Burns in order to ensure that all the relevant network policies are upheld 
(see Burns, lines 9-13 of [0038]). 

18. As to claims 5 and 15, Lortz in view of Hopmann show the limitations of claims 1 
and 1 1 as applied above, and further show disallowing said administrative task if said 
further retrieved state data fails to satisfy said set of rules in said retrieved policy (see 
step 310 of Lurtz), but do not show identifying a related resource having a related 
resource state giving rise to said state data for said resource failing to satisfy said set of 
rules in said retrieved policy; requesting remediation of said related resource state so 
that said related resource state satisfies said set of rules in said retrieved policy; and 
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further permitting said administrative task subsequent to a remediation of said related 
resource state. 

19. Burns shows identifying a related resource having a related resource state giving 
rise to state data for a resource failing to satisfy a set of rules in a retrieved policy (see 
lines 1-9 of [0039] and lines 6-10 of [0044]); and requesting remediation of said related 
resource state so that said related resource state satisfies said set of rules in said 
retrieved policy (see [0044]-[0045]). It would have been obvious to one of ordinary skill 
in the art at the time of the invention to further modify the invention of Lortz in view of 
Hopmann with the identification and remediation system of Burns in order to ensure 
security policies are upheld even when the state of the network and its components 
change (see Burns, [001 1]). 

20. It is noted that the method of Lortz in view of Hopmann and Burns would permit 
said administrative task subsequent to a remediation of said related resource state, as 
the system would have no reason to disallow the task if the related resource state were 
remediated. 

21 . As to claims 6 and 16, it is noted that the steps of disallowing, identifying, 
requesting, and further permitting are performed autonomically; that is, without the 
invention of a human operator. 

22. As to claims 7 and 17, it is noted that the steps of disallowing, identifying, 
requesting, and further permitting as applied above are performed recursively for each 
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related resource whose state gives rise to a failure of said resource to satisfy said 
retrieved policy (see Burns, [0045]). 

23. Claims 8 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Lortz (US PGPUB 2003/0018786) in view of Hopmann (US Pat. No. 6,499.031). and 
further in view of Hall (US Pat. No. 5,930,479). 

24. Lortz in view of Hopmann show the limitations of claims 1 and 1 1 as applied 
above, and further show inserting an exit routine in an administrative interface of said 
resource (the exit routine comprising the component which receives the resource 
request and initiates the evaluation process, and the administrative interface being the 
necessary interface through which the client requests the resource: see [0044]), said 
exit routine having a configuration for forwarding requests to administer said resource to 
a policy evaluation component programmed to perform said steps of retrieving, further 
retrieving, applying, permitting (the forwarding being necessary to initiate the request to 
the policy manager and evaluate the received policy data: see [0044]-[0045]), but do not 
show that the administrative interface is an administrative console. 

25. Hall shows an administrative interface comprising an administrative console (see 
Fig. 1 1 and lines 39-58 of col. 16). It would have been obvious to one of ordinary skill in 
the art at the time of the invention to modify the invention of Lortz In view of Hopmann 
with the administrative console of Hall in order to provide a familiar interface through 
which clients may make task requests (see lines 53-56 of col. 16). 
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26. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lortz 
(US PGPUB 2003/0018786) In view of Hopmann (US Pat. No. 6,499,031). and further in 
view of Krumel (US PGPUB 2002/0083331). 

27. Lortz in view of Hopmann show the limitations of claim 9 as applied above, but 
do not show a rules engine coupled to said policy evaluation component and configured 
to retrieve said set of rules on behalf of said policy evaluation component. Krumel 
shows a rules engine configured to retrieve rules (see lines 5-8 of [0096]). It would have 
been obvious to one of ordinary skill in the art to modify the invention of Lortz in view of 
Hopmann with the rules engine of Krumel in order to speed development by using pre- 
existing software products to perform the rule retrieval. See also paragraph [0023] of 
applicant's specification, which explains that rules engines are well-known in the art. 

Conclusion 

1 0. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher D. Biagini whose telephone number is (571) 

272- 9743. The examiner can nonnally be reached on M-R 7:30-5, 7:30-4 alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more infomnation about the PAIR system, see http://palr-dlrect.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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(571)272-9743 
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SUPERVISORY PATENT EXAMINER 



